Question 28
Domain 3: Infrastructure, Network, and Workload Security
Which network security control is MOST effective for protecting cloud-based web applications from common attacks like SQL injection and cross-site scripting?
Correct answer: B
Explanation
A Web Application Firewall inspects HTTP/HTTPS traffic and filters malicious requests aimed at application-layer flaws. It is designed to block common web attacks such as SQL injection and cross-site scripting by applying rules that detect and stop harmful payloads before they reach the cloud application.
Why each option is right or wrong
A. Network ACLs
B. Web Application Firewall (WAF)
A Web Application Firewall is the control specifically built to sit in front of HTTP/HTTPS applications and inspect Layer 7 requests for attack patterns associated with application-layer abuse. Under OWASP guidance, SQL injection and cross-site scripting are classic web-application threats, and a WAF can enforce signature-based and rule-based filtering to block malicious payloads before they reach the cloud-hosted app; by contrast, network firewalls and IDS/IPS are not as effective at understanding the full HTTP request context needed to stop these attacks.
C. DNS filtering
D. Load balancers